How Secure Is The Affordable Care Act Website?
by: Pat Hernandez, November 8, 2013 4:11:00 pm
Hacking the account of people applying to the Healthcare.gov website, would yield their addresses, birth dates and phone numbers.
Early in the launch of the website, coding errors and security holes were a concern to Congressional Republicans like Texas U.S. Sen. John Cornyn.
"I think there is confidence that they will ultimately get the website problems fixed, but I think the problems are much deeper than just the website, and go to the very structure of this unworkable system. We need to make it affordable for more people not more expensive, which is what happened."
He says he asked Secretary Sebelius about whether the Obamacare website could be hacked from the inside, exposing applicants' sensitive personal information.
"Including social security numbers, private healthcare information from people applying for Obamacare, and she said there aren't any background checks. And I asked her whether it's possible that a convicted felon could serve as a navigator, and she admitted that it was possible."
Barbara Chapman is Professor of Computer Science at UH. She says breaking into the hub would not be easy because it's well designed and guarded.
"The kind of information that's provided on this website is made available to many public and private entities on the web and they're always a certain privacy issues, and a certain amount of trust is required on part of the public. But there don't appear to be any security risks that are any different from other online services."
Keith Squires is a Texas based cyber-security expert. He says there are common security coding practices that most companies should be using that haven't been used.
"With this case in particular, this thing is so enormous and has so many tentacles and so many moving parts, and they're trying to absorb an industry that's been around for decades, and they're trying to do something in a short matter of time that's taken years to put together, and there were way to many things to do in such a short time frame — it didn't get done well."
Even if it is breached, Squires says hackers wouldn't get past dealing with encrypted messages and locked boxes.
"I think they're trying to figure out just how bad they might be.The trouble is, they're not subject to the same regulation about disclosing breaches that most commercial companies are. So if the system is breached and all that information is captured one way or another, then we'll really never know."